iPhone Forensics
Catherine Stamm
The Senator Patrick Leahy Center for Digital Investigation
Introduction
1.1 Research Problem
Over 40 million people around the world own an iPhone. Being a smart phone, there are hundreds of different ways an owner can use the device. Typically, the iPhone, and other smart phones, are used for placing calls and sending text messages, browsing the web, using the GPS, sending emails, staying organized, sharing videos and photos, staying connected through social networking sites and downloading applications. These are just some of the many uses for iPhones, and because so much can be done with one, it provides investigators with a copious amount of data to recover. With such a wide range of capabilities, often times some iPhone users will use their devices with other intentions in mind. If any illegal activity does take place on the phone, it’s likely that the user has or has attempted to delete the evidence. It’s important to conduct a thorough investigation of iPhones in order to obtain this deleted data.
1.2 Field of Research
The majority of this research was based on finding deleted data from an iPhone 3G and to provide a definitive answer as to where certain parts of data can be found. This phone had no active service, but a lot of data was still generated on the phone using a Wi-Fi connection. Different methods of conducting iPhone forensics were researched and multiple notes were taken to validate the process.
1.3 Research Questions
1. How much data will actually be displayed during a logical acquisition of the iPhone?
2. Will Oxygen Forensic Suite find deleted photos/videos?
3. Will any passwords for accounts associated with the iPhone be provided?
4. Is there evidence of deleted internet history?
5. Which forensic tools will still work when the iPhone has a passcode lock?
6. Is application data still stored on the iPhone after it has been deleted?
7. Does Oxygen detect Virtual Private Network (VPN) usage?
8. Is more information obtained when the iPhone is jailbroken?
http://www.youtube.com/watch?v=zJNkITzarvo
For Part 2 of this project, see “iPhone Forensics Part 2”.
If you have any comments, questions and/or suggestion please feel free to leave a comment here on the blog. Or feel free to email us at LCDI@champlain.edu, with” iPhone Forensics” in the subject.